The School of Education at Syracuse University defines an ethical principle as one that "provides a generalized framework within which particular ethical dilemmas may be analyzed" (soe.syr.edu, n.d.). Without an ethical framework to guide users on the standard use of a firm's computer system, there is bound to be a breach of the security policy governing that system.
There are three ethical principles of computer use policy I think all
organizations must embrace:
Defense-in-Depth Principle
Awareness Principle, and
Accountability Principle
Defense-in-Depth: The defense-in-depth principle, or layered security approach, allows a firm to harden its computer system security. The layered approach ensures that when one layer of security fails, the other layers can still ensure the integrity of the data contained in the computer system. The defense-in-depth principle is important for computer systems that house important user or company information. Therefore, including the defense-in-depth principle in the computer use policy ensures there is a failsafe in the event one layer is compromised.
Awareness Principle: The awareness principle is important in drafting a computer use policy because, without users being properly informed of the security requirements for using the computer system, they are likely to deviate from the policy. Hence, it is essential for the computer use policy to contain an awareness program that the firm must run to ensure all users are informed of and practice the tenets of the computer use policy.
Accountability Principle: The accountability principle is very important since it deals with integrity and non-repudiation. Accountability ensures that records and logs of all access to the information system are maintained for auditing. Also, in the event of an incident, accountability ensures that the chain of custody is maintained. Furthermore, accountability helps ensure that users understand the policy and are solely responsible for the actions they take while using the organization's resources (Johnson, R., 2015).
These three principles, I believe, are essential principles a firm must embrace to ensure the Confidentiality, Integrity, and Accessibility of the information system.
My case study for the term paper is on Facebook. I analyzed how the firm implements its security policy and complies with laws and regulations governing user data. Although Google's and Facebook's business models are different, they both share a similarity in their core business strategy. During my analysis of Facebook's security policies, I discovered that although the firm has strong internal security, it is lax in securing users' information and in its enforcement, which allowed a third-party application to exploit these vulnerabilities to mine the data of eighty-seven million users on Facebook. Its corporate culture is also weak in ensuring that the security principles and federal regulations within its security policies are complied with and met by these third-party applications.
Google, which also has the same strategy for generating funds, has a better corporate security culture. Google's corporate security culture includes performing background checks as well as criminal, credit, immigration, and security checks on its new hires. Additionally, the firm conducts security training for all employees and ensures they learn the company's code of conduct. The firm also regularly hosts internal conferences on security awareness. Lastly, unlike Facebook, the firm has a dedicated team that monitors and reviews security compliance laws and regulations; the team also "facilitates and supports independent audits and assessments by third parties" (Google, n.d.) to ensure compliance.
References
Google. (n.d.). Google Cloud Security and Compliance. Retrieved from: https://gsuite.google.com/learn-more/security/security-whitepaper/page-2.html
Johnson, R. (2015). Security Policies and Implementation Issues (2nd ed.). Burlington, MA: Jones & Bartlett Learning. ISBN: 978-1-284-05599-3
soe.syr.edu. (n.d.). Ethical Principles. Retrieved from: http://soe.syr.edu/academic/counseling_and_human_services/modules/Common_Ethical_Issues/ethical_principles.aspx